
2011/08/05

E-Virus (Part II): Maybe your PC is infected by an e-virus... how do you verify its presence?

Depending on how far the PC still works, you can proceed in various ways:

A) You can start the PC and log in with your username and password.

In this case you can use the following tools:

1) Using the free tool GMER you can both check whether a rootkit is present and disable or remove the suspect service / process (E-virus) from memory and from the next boot sequence. To recognize the services / processes planted by E-viruses it is useful to look for files with very odd, random-looking names (e.g. rytrewxz.dll). GMER usually marks them in red and / or tags them with the (*** hidden ***) attribute, which means "file hidden from the user". If the message "WARNING !!! GMER has found system modification, which might have been caused by ROOTKIT activity. Do you want to fully scan your system?" appears, GMER has identified a rootkit in the system and is asking to start a full scan of your PC.

2) If you press CTRL + ALT + DEL and open the Windows Task Manager, you can see all the processes active in the PC's memory and identify those with random names such as the one cited in case (1); you can then kill ("End Process") them, which removes them from memory only until the next boot. Keep in mind that a kernel rootkit can hide its process from Task Manager altogether, which is why the GMER check in (1) comes first.

3) Using the free tool McAfee Stinger you can identify and remove the most common E-viruses. The procedure is automatic: the tool detects both infections currently running (files in memory) and infected traces and files on the scanned hard drive. It reports which kinds of "problems" it identified and provides for their eradication.

4) Using the free tool Prevx you can identify both rootkits and the insidious kind of virus that installs itself in the MBR (Master Boot Record) of the hard disk. The free version detects and lists all the E-viruses present in the system but does not remove them. It is still useful for learning the name of the E-virus that infected your PC, or the kind of outbreak in progress.
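The manual checks in (1) and (2), reading process and DLL names off Task Manager or GMER and looking for random-looking ones, can be scripted. The following PowerShell is an added example and is not code from the original post or from any of the tools it names. It assumes Windows PowerShell 5.1 or PowerShell 7 running on Windows; the "random name" thresholds (vowel ratio under 0.2, or a run of four consonants) and the choice of Windows and Program Files as trusted folders are assumptions made here, not facts from the post. A random-looking name is treated as a triage signal only: it is reported when the file is also unsigned, badly signed, or sitting outside the standard folders, so a validly signed system binary with an ugly name such as svchost.exe stays quiet.

```powershell
# Added example, not part of the original post. Heuristic triage of running
# processes and their loaded DLLs: flag random-looking image names, then weigh
# that signal against the file's Authenticode signature and location.
# Assumptions: Windows PowerShell 5.1 or PowerShell 7 on Windows; the 0.2 vowel
# ratio and 4-consonant-run thresholds are chosen here, not taken from the post.

function Test-RandomLookingName {
    param([Parameter(Mandatory)][string]$Name)

    # Judge only the letters of the base name (C:\x\rytrewxz.dll -> rytrewxz).
    $base    = [System.IO.Path]::GetFileNameWithoutExtension($Name).ToLowerInvariant()
    $letters = $base -replace '[^a-z]', ''
    if ($letters.Length -lt 6) { return $false }   # too short to judge

    # Pronounceable names keep vowels at roughly 30-50% of letters and rarely
    # run four consonants together; 'y' is counted as a consonant on purpose.
    $vowelCount = ($letters -replace '[^aeiou]', '').Length
    $vowelRatio = $vowelCount / $letters.Length
    $longRun    = $letters -match '[^aeiou]{4,}'

    return [bool]($vowelRatio -lt 0.2 -or $longRun)
}

function Test-TrustedLocation {
    param([Parameter(Mandatory)][string]$Path)
    # True when the image lives under Windows or Program Files. Location alone
    # proves nothing, but a random name outside these folders deserves a look.
    $roots = @($env:SystemRoot, $env:ProgramFiles, ${env:ProgramFiles(x86)}) |
             Where-Object { $_ }
    foreach ($root in $roots) {
        if ($Path -like "$root\*") { return $true }
    }
    return $false
}

function Get-ImageTriage {
    param([Parameter(Mandatory)][string]$Path, [string]$Owner = '')
    $sig = Get-AuthenticodeSignature -FilePath $Path -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Owner      = $Owner
        Image      = Split-Path -Leaf $Path
        Path       = $Path
        RandomName = Test-RandomLookingName -Name $Path
        Signature  = if ($sig) { $sig.Status } else { 'Unreadable' }
        Trusted    = Test-TrustedLocation -Path $Path
    }
}

function Get-SuspiciousImages {
    # Processes first (what Task Manager shows), then every DLL each process
    # has loaded (the odd-named modules GMER highlights). Protected processes
    # refuse module access; those are skipped rather than guessed at.
    $rows = foreach ($p in Get-Process) {
        if ($p.Path) { Get-ImageTriage -Path $p.Path -Owner "PID $($p.Id)" }
        try {
            foreach ($m in $p.Modules) {
                Get-ImageTriage -Path $m.FileName -Owner "PID $($p.Id) ($($p.ProcessName))"
            }
        } catch { }
    }

    # Report a random-looking name only when the file is also unsigned, badly
    # signed, or outside the standard folders.
    $rows | Where-Object {
        $_.RandomName -and ($_.Signature -ne 'Valid' -or -not $_.Trusted)
    } | Sort-Object Path -Unique
}

# Present the result like a Task Manager view for the analyst.
Get-SuspiciousImages | Format-Table Owner, Image, Signature, Trusted, Path -AutoSize
```

Run it from an elevated PowerShell prompt so that as many processes as possible can be opened; anything listed is a candidate to look up by name and to cross-check in GMER, not a verdict on its own, and a rootkit that hides its process from the Windows API will not appear here any more than it does in Task Manager.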